Re: [cross-project-issues-dev] cross-project-issues-dev Digest, Vol 84,

[Markus Alexander Kuppe <cross-project-issues-dev_eclipse.org@xxxxxxxxxxx>]

On 01/07/2013 05:11 PM, Denis Roy wrote:
> I'm not sure I follow your train of thought re: exposing the ssh port to
> the world, since build/dev/git.eclipse.org's SSH port already is.  My
> fear is that, if committer passwords and/or private keys are stored on
> anonymously-accessible web applications (such as hudson.eclipse.org)
> that information could potentially be obtained by individuals with ill
> intent.  If the committer account in question has a full shell, that
> could mean real trouble for us from a security perspective.

Hi Denis,

what about a restricted shell then that is limited to certain commands
like git pushing tags and uploading/downloading binary artifacts for
signing? In combination with a per-project build/ci-account it would
help improve security further.

Markus